Details
Bug
Status: Open
Major
Resolution: Unresolved
0.11.0
None
None
Description
The Java TSaslTransport, when auth-conf or auth-int is enabled, doesn't respect the SASL negotiated maximum send buffer size. The result is that the Thrift SASL transport will transmit SASL encoded frames larger than the buffer size, which the receiver may not be able to decode.
The JDK's SaslOutputStream handles this correctly by 'packetizing' the outgoing message; see SaslOutputStream.write for an example, especially how the recvMaxBufSize field is used.
This is problematic for Thrift implementations which use RFC 4422 compliant SASL implementations such as Cyrus SASL, since large messages sent by the Java implementation can't be received.
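The packetizing behaviour described above, as an added example that is not code from Thrift or the JDK: each call to wrap receives at most the negotiated raw send size, and every resulting token goes out as its own length-prefixed frame. `ChunkedSaslWriter`, `Wrapper`, the 4-byte big-endian length prefix and the sample sizes are assumptions for illustration; `Sasl.RAW_SEND_SIZE` is the standard `javax.security.sasl` property name.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class ChunkedSaslWriter {
    // Hypothetical stand-in for SaslClient.wrap / SaslServer.wrap so the demo runs without a live negotiation.
    interface Wrapper { byte[] wrap(byte[] buf, int off, int len) throws SaslException; }

    // Per-wrap plaintext limit; only meaningful once negotiation has completed with auth-int or auth-conf.
    static int rawSendSize(SaslClient client) {
        Object v = client.getNegotiatedProperty(Sasl.RAW_SEND_SIZE);
        if (v == null) throw new IllegalStateException("no rawsendsize negotiated");
        return Integer.parseInt(v.toString());
    }

    // Wraps at most `limit` plaintext bytes per call and writes each token as one length-prefixed frame.
    static int writeChunked(Wrapper w, int limit, byte[] buf, int off, int len, OutputStream out)
            throws IOException {
        if (limit <= 0) throw new IllegalArgumentException("limit must be positive");
        DataOutputStream data = new DataOutputStream(out);
        int frames = 0;
        for (int sent = 0; sent < len; sent += limit) {
            int n = Math.min(limit, len - sent);        // the last chunk may be shorter
            byte[] token = w.wrap(buf, off + sent, n);  // never hand wrap() more than the limit
            data.writeInt(token.length);                // big-endian length prefix (assumed framing)
            data.write(token);
            frames++;
        }
        data.flush();
        return frames;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values: a 4096-byte limit and a fake wrapper adding 16 bytes of overhead.
        int limit = 4096;
        Wrapper fake = (b, o, n) -> new byte[n + 16];
        byte[] message = new byte[10_000];
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        int frames = writeChunked(fake, limit, message, 0, message.length, wire);
        System.out.println(frames + " frames, " + wire.size() + " bytes on the wire");
    }
}
```

With a real mechanism, pass `client::wrap` as the `Wrapper` and `rawSendSize(client)` as the limit.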